Shred it – don‘t bin it. With HSM document shredders.

Everybody needs a document shredder!

Data protection concerns all of us, especially if we process the data of third parties. According to the EU General Data Protection Regulation, companies that collect, process and use personal data must ensure that these data are destroyed and disposed of reliably and in compliance with data protection laws.

Should any damage be incurred, the person or entity responsible for this may face severe fines.

The most frequent data protection gaps:

• No document shredder in use or a document shredder with the wrong security level.
• Home office workstations are forgotten.
• Rights and duties are underestimated when processing order data.
• Unauthorized persons can access offices or data via data media (USB sticks etc.

It is important that you know the following information:
Since 25 May 2018, the General Data Protection Regulation (EU-GDPR) regulates and harmonises the processing of personal data within the European Union (EU).

What are personal data?

All individual information about people’s personal or material circumstances. For example, name, age, marital status, telephone number, e-mail address, vehicle registration number, medical records and evaluations such as testimonials.

What does that mean for you?

Complete documentation and information obligation:

Chapter 3, Article 13, Paragraph 1 GDPR, Duty of information and right to information.
When personal data are collected, the controller must provide and ensure complete documentation about their purpose, period, storage and erasure.

Chapter 3, Article 17, Paragraph 1 and 2 GDPR, Right to be forgotten.
The controller is obliged to immediately and completely delete the data collected on request. They must ensure that all links to these personal data or any copies are irrevocably destroyed. For exceptions, see paragraph 3, e.g. for fulfilment of a legal obligation, such as order processing.

Chapter 4, Article 32, Paragraph 2 GDPR, Security of processing.
Technical and organizational measures to adequately protect individuals. Personal data may only be processed on the instructions of a controller and a confidentiality agreement to this effect must be reached.
A regular process for reviewing the measures taken for data security. A regular process for the monitoring of the data protection measures taken.
EU-wide obligation for organisations to employ a data protection officer.

Stricter imposition of fines

Chapter 4, Article 33, Paragraph 1 GDPR, Reports of breaches of protection.
In the event of a breach of the protection of personal data, the person responsible shall immediately report the incident to the relevant supervisory authority pursuant to Chapter 6, Article 51.

Chapter 8, Article 83, Paragraph 4 and 5 GDPR, Imposing fines.
The sanction framework has been substantially tightened. Infringements of the provisions shall be subject to fines of up to 20 million euros or up to 4% of the worldwide annual turnover for the preceding financial year.

Be safe rather than sorry ...
... and destroy personal documents at their source. At the workplace itself.

HSM provides the right solution for all security needs. We will help you choose the right shredder